(Bloomberg) — CurrentC, the retailer-backed mobile-payment system touted as an alternative to Apple Inc.’s platform, was hacked during a test of the technology, resulting in some e-mail addresses being stolen.
Unauthorized parties gathered the addresses during the past 36 hours, according to an e-mail from Merchant Customer Exchange LLC, or MCX, the retailer group that is running CurrentC. The system, which lets customers pay for items with their phones by scanning QR codes, is slated to officially debut next year.
“MCX is continuing to investigate this situation and will provide updates as necessary,” the group said in the note. “We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.”
The attack represents a black eye for a coalition that’s working to win the trust of consumers and gain an edge over the Apple Pay system. CVS Health Corp. and Rite Aid Corp., part of the MCX group, stopped accepting Apple Pay last week, putting a spotlight on their support for CurrentC.
“The breach itself seems fairly benign, but the timing is unfortunate,” Tien-tsin Huang, an analyst at JPMorgan Chase & Co. in New York, said in a note. “CurrentC is looking to build brand equity ahead of its launch in 2015 as a safe alternative to other mobile payment offerings like Apple Pay.”
Linda Walsh, a spokeswoman for Needham, Massachusetts-based MCX, confirmed the security breach today.
“Many of these e-mails were dummy accounts used for testing purposes only,” she said, without elaborating on how big the breach was or how many stores are testing CurrentC.
Prior to disclosing the breach, MCX said that “consumers’ privacy and data security are our top priorities.”
Apple Pay, which was unveiled earlier this month, works with new iPhone 6 and iPhone 6 Plus models. It lets customers swipe their phones at a store, instead of using a plastic card. Apple is aiming to gain wide acceptance for its payment system — something that has eluded previous efforts by Square Inc., Google Inc. and Softcard.
CurrentC, meanwhile, is supported by Wal-Mart Stores Inc., Best Buy Co. and other retailers. They’re looking to cut down on transaction fees paid to the credit-card companies and to give stores more control over customer-reward programs. CurrentC would be linked with a customer’s debit-card account or a store credit card and require shoppers to scan QR codes — bar-code- like symbols that phones detect with their cameras.
CurrentC retailers are required to use the system exclusively, meaning they couldn’t accept both it and Apple Pay. Still, companies won’t have to pay fines if they choose to stop using it, MCX said earlier today.
At stake is a mobile-payments market will grow sevenfold to $90 billion in 2017 from $12.8 billion in 2012, according to Forrester Research Inc.
With Apple Pay already out in the market and functioning, the race is on for competing platforms that are hoping to win over consumers, said Nick Holland, an analyst at Javelin Strategy & Research.
“Time is clearly of the essence to win hearts and minds,” he said. “As a retailer, you should be accepting all of these. To not be open and agnostic is a recipe for disaster.”